While I agree completely with Matt that user rules are in general pretty
safe, there is one more thing to be aware of. A badly-written regex can end
up being a DOS attack on SA itself, and by implication on the system and
mail processing path. Something with lots of * lengths and backtracking
could take minutes or hours to process if crafted carefully. Or even
carelessly by an idiot.
Since you are going through CPanel, perhaps you could put in something that
scans for and disallows * lengths in the allowed regexes, forcing people to
code {0,80} or whatever in place. That can still take a long time if
carefully mis-crafted, but in general will prevent well-meaning accidents.
Loren
- Re: custom rules within user_prefs Loren Wilton
-